473,320 Members | 1,920 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Advanced Session State

I have a static class member that returns the ID of the current user. When
it is called, it checks if the value is already stored in the session state,
if it is, that value is returned. Otherwise, Membership methods are called
to obtain the ID, that value is stored in the session state, and that value
is then returned.

This appears to work fine. However, I'm now giving users of one type the
ability to "impersonate" another. In this case, I set the ID in the session
state to the user that is being impersonated.

This, too, seems to work. But now I'm worried about application cycling. If
the application cycles and session state is lost while one user is
impersonating another, I'll get all sorts of errors. If that's not enough, I
just read something I didn't quite understand that Session data is not saved
everytime an exception is raised and not cleared. ???

My question is would there be any way to check if this has happened and not
allow things to continue if the ID of the user being impersonated is lost?

Thanks for any tips.

Jonathan

Jun 27 '08 #1
2 1179
yes, session would be null at that point so a simple test will tell you
this. However, you shouldn't develop code for something that is least likely
to occur. Develop your logic as is and use a combination of exception
handling and if statements to catch the case where exceptions occur such as
null session values.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99
-------------------------------------------------------
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:#0**************@TK2MSFTNGP02.phx.gbl...
I have a static class member that returns the ID of the current user. When
it is called, it checks if the value is already stored in the session
state, if it is, that value is returned. Otherwise, Membership methods are
called to obtain the ID, that value is stored in the session state, and
that value is then returned.

This appears to work fine. However, I'm now giving users of one type the
ability to "impersonate" another. In this case, I set the ID in the
session state to the user that is being impersonated.

This, too, seems to work. But now I'm worried about application cycling.
If the application cycles and session state is lost while one user is
impersonating another, I'll get all sorts of errors. If that's not enough,
I just read something I didn't quite understand that Session data is not
saved everytime an exception is raised and not cleared. ???

My question is would there be any way to check if this has happened and
not allow things to continue if the ID of the user being impersonated is
lost?

Thanks for any tips.

Jonathan
Jun 27 '08 #2
Jonathan Wood wrote:
session state,.... But now I'm worried about application
cycling. If the application cycles and session state is lost while
If you use out-of-process session state, that problem ceases.

http://msdn.microsoft.com/en-us/library/ms972429.aspx

(Except they've written config.web instead of web.config.)

Andrew
Jun 27 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Michael J. Wendell | last post by:
Hello, I am trying to debug an issue with sessions in my ASP 3.0 web application, which runs fine on WIN2K Pro and WINXP Pro, yet fails to function correctly on WIN2K Advanced Server. My actual...
5
by: Phil Grimpo | last post by:
I have a very odd situation here. I have an administration page, where based on a users permissions, a recordset is called from the SQL server which has a list of paths to "Module Menus". Each of...
2
by: John A Grandy | last post by:
for high traffic public websites , what are the proven options for session-state storage & management ? is an out-of-process state-server generally preferred over a sql-server ? what are the...
1
by: Johan Nedin | last post by:
Hello! I have a problem with SQLSession state on my ASP.NET pages. SQLSession state behaves very different from InProcess session state, which I think is very bad. I can understand some of...
10
by: tshad | last post by:
I have been using the default session state (InProc) and have found that I have been loosing my information after a period of time (normally 20 minutes). Is there anyway to find out how much...
9
by: McGeeky | last post by:
Is there a way to get a user control to remember its state across pages? I have a standard page layout I use with a header and footer as user controls. Each page uses the same layout by means of...
18
by: BillE | last post by:
When a user opens a new IE browser window using File-New-Window the integrity of an application which relies on session state is COMPLETELY undermined. Anyone who overlooks the fact that...
11
by: Glenn | last post by:
Hi I've been experimenting with managing state using the Session object. I've created a simple WS with a couple of methods, one which sets a string value, another that retrieves it. Each...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.